And about 3rd-party apps - they all use facebook API and pass variables to the facebook site. You are passing them to your own script (mobile.php) which ... people don't usually trust.
Actually, it is using the same POST variable passing that facebook and Conquer Club use. So it is as secure as this site with the exception of the pages being served on my own site. No sure why you think people don't trust PHP when every page on this site as well as much of the internet is served via PHP. /shrug
Also, I've never seen or played you before so I can't really say that I trust your word.
Heh, see you on the battlefield.